
Summary
The Windows Driver Inventory analytic identifies and monitors the drivers loaded across a Windows fleet, using a PowerShell script input deployed on critical systems to collect driver data from each endpoint. Its objective is to surface unauthorized or potentially malicious drivers, since a kernel driver runs with the highest privilege on the host: a malicious or vulnerable driver lets an attacker execute arbitrary code in kernel mode, escalate privileges, or maintain persistence in the environment. The analytic aggregates the collected driver data per host, listing the unique drivers present on each system together with the first and last time each driver was observed. It is intended as a hunting and review mechanism rather than a high-fidelity alert: security teams should scrutinize drivers that are newly seen, present on only a few hosts, unsigned, or loaded from an unexpected path, and validate their legitimacy (for example by publisher, signature status and file hash) before treating them as benign.
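The following is an added example of the kind of collection script such an analytic depends on; it is not the script shipped with this detection, and the field names (DriverName, Path, SHA256, SigStatus, Signer) are assumptions chosen for illustration. It enumerates the running kernel drivers on the local host via the Win32_SystemDriver CIM class, resolves the driver file on disk, records its SHA-256 hash and Authenticode signature status, and emits one JSON object per driver, which is the shape a scripted input can forward to a SIEM for the per-host first-seen/last-seen aggregation described above.

```powershell
# Added example, not the detection's own collection script.
# Emits one compact JSON line per running kernel driver on this host.
$hostname = $env:COMPUTERNAME
$now      = (Get-Date).ToUniversalTime().ToString('o')

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # PathName may be quoted or use NT-style prefixes (\??\ or \SystemRoot\);
        # normalize it so the file can be hashed and its signature checked.
        $path = $_.PathName -replace '"', ''
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot

        $hash = $null
        $sig  = $null
        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
        }

        # Field names below are illustrative assumptions for this example.
        [pscustomobject]@{
            time        = $now
            host        = $hostname
            DriverName  = $_.Name
            DisplayName = $_.DisplayName
            Path        = $path
            StartMode   = $_.StartMode
            SHA256      = $hash
            # 'Valid' means the file carries a signature that chains to a trusted root;
            # 'NotSigned', 'HashMismatch' or 'FileNotFound' are worth analyst attention.
            SigStatus   = if ($sig) { $sig.Status.ToString() } else { 'FileNotFound' }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        } | ConvertTo-Json -Compress
    }
```

Run it as the scripted input on each monitored host; on the collection side, grouping the resulting events by host and driver hash (rather than by name alone, which an attacker can reuse) and taking the minimum and maximum event time per group yields the first-seen and last-seen values the analytic reports. A driver whose SigStatus is not Valid, or whose hash appears on only one or two hosts, is the natural starting point for review.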
Categories
- Endpoint
Data Sources
- Process
- Script
ATT&CK Techniques
- T1068
Created: 2024-11-13